Mikko Hypponen on RATs, Syria and Ft. Meade

We had the opportunity to do a formal interview with Mikko Hypponen of F-Secure at the conclusion of our week filming at the 2013 RSA Conference. We wanted to learn how he and his colleagues (the “Three Mikkos”) helped decipher surveillance malware being used against Syrian activists and regime opponents.

Mikko Hypponen of F-Secure, interviewed during RSA.

This story about a human rights activist inside Syria who was targeted by the regime will be central to our film. Mikko blogged about the investigation at the time.

Mikko helped fill in the blanks, a few of which we can spell out here. The rest will have to wait until the film is released, probably near the end of the year.

The attacker used Xtreme RAT, a remote access trojan (RAT) which, like Poison Ivy, Gh0st RAT, and DarkComet, takes over a computer without the user knowing: controlling it, seeing the screen, recording every keystroke, and accessing files. It can even turn on the microphone and webcam to record a user’s words and actions.

The hard drive shipped to Mikko and his colleagues, which they analyzed for surveillance malware.

“Sounds sinister,” Mikko said. “But we don’t know if it is a private IP (Internet provider), if it’s run by the regime, or by companies — or who the end users are. But it looks like [the data] went back to the Syrian regime.”

In this case, data was sent to an Internet provider (IP: 216.6.0.28) identified as belonging to the Syrian Telecom Establishment. We looked it up. It’s still reported active, in Damascus.

In relation to increasing levels of Internet-based surveillance and espionage, Mikko told us that lately he’s been browsing the online recruitment pages of military contractors such as Lockheed Martin. “They’re hiring exploit writers for offensive cyber operations by the dozens. In Ft. Meade, Maryland [home of the NSA]! It doesn’t get much more open than that.”

“If someone told me five years ago [offensive cyber operations] would be this active, I wouldn’t have believed it. We’re definitely in a cyber arms race now.”

“I feel deeply about this. I’ve worked with viruses since the ’90s. So much has changed. Governments come in using the same tools that were used by kids for fun. Now it’s deadly serious things.”